Part III - Chapter 12


1. Compare and contrast reactive and proactive quality assurance.


  • The majority of quality assurance practices today are reactive, aimed at detecting and correcting problems that already exist. There is, however, a new quality philosophy, directed at problem prevention, or proactive quality assurance. Proactive QA takes a broad perspective and is not limited to reducing the number of software defects through inspection of source code. This strategy requires an emphasis on cause-effect knowledge, risk analysis, experience, and judgment to justify action. Proactive QA can lead to accelerated development cycles and avoidance of losses, advantages that contribute toward quality for the customer and thus yield a more productive environment. An important customer of proactive QA is project management.

2. Discuss why productivity is meaningless unless you know what your goal is.


  • The goal of managing risk has an intermediate objective of verifying compliance of project practices to the risk management plan, a way to engineer quality results. This intermediate objective is necessary to overcome the obstacle of a faulty plan or deficient practices. The objective of verifying compliance is to determine the improvement potential of the plan and of the practice. The distinction between verifying compliance and improving process is the difference between short-term and long-term advantage. In the beginning of a project, “verify compliance” precedes “improve process”. We cannot improve a process that has not been adequately planned or implemented correctly.

3. Explain how verifying compliance of practices to plans is a way to engineer quality results.


  • There is a cause-and-effect relationship between the quality of a plan and the quality of the results. For this reason, we begin an investigation into results by reviewing the plan of activities. The first step in verifying compliance to risk management practices is to review the risk management plan in order to understand the activities, agents, and artifacts of the plan to prepare for a compliance audit. Activities are the risk management practices expected to be performed by the project personnel. Agents are the project roles with responsibility for risk management activities. Artifacts are the expected outputs produced by performing risk management.

4. Explain why you must verify risk management implementation before you improve the risk management process.


  • This is similar to putting the cart before the horse. You must have a program implemented in order to guide a project through the process. It is not impossible to do one without the other, but you must know the circumstances before you start the project. That way you can develop the standard to follow while you are designing your project. If you have a risk management plan and don’t use it until after the fact, it can be very costly to recover.

5. List five artifacts of performing risk management.


  • Five artifacts of risk management are:

    • a. Completeness. Do the contents consider all aspects of risk management? Use an outline of a risk management plan as a checklist. Initial the checklist when the plan is complete with respect to the major sections of the outline.

    • b. Understandability. Is the plan easy to read and comprehend? Perhaps a glossary is necessary so that new employees or subcontractors can interpret the plan as intended.

    • c. Level of detail. Is the level of detail sufficient to execute the plan? A detailed plan specifies what will be done, when, by whom, and how much it will cost. If these aspects of the plan are not clear, the plan needs additional detail.

    • d. Consistency. Is the plan ambiguous? Look for any contradictions that would confuse the implementation of the plan. For example, inconsistent terminology in the plan can cause people to have difficulty communicating about risks.

    • e. Realistic. Is the perspective of the plan practical? Any plan that claims, “Everyone on the project will continuously perform risk management”, is not realistic. Check for altruistic statements that lack common sense.

6. In your opinion, what are the attributes of a high-quality risk management plan?


  • If you want a high-quality software system, you must ensure that each of its parts is of high quality. Auditing agents and artifacts will help to uncover potential problems. Quality assurance is responsible for auditing the quality actions of agents and alerting management to any deviations. Quality assurance audits the quality of artifacts to assure management that the work is performed the way it is supposed to be.

7. Do you think that quality assurance professionals can be effective when they do not report through an independent chain of command? Discuss why you do or do not think so.


  • When quality is vital, some independent checks are necessary – not because people are untrustworthy but because they are human. Quality assurance can be effective when competent professionals report through an independent chain of command and support the development of product quality. On large projects, managers need help performing the task of quality assurance. On projects that cannot afford to staff a quality organization, people can monitor each other’s work. On small projects, managers can perform the role of quality assurance. On really small projects, quality assurance can be a part-time role. Quality assurance monitors its own organization to ensure that established standards and procedures are followed. Its prime benefit to management is the assurance it provides them that directions are actually implemented.


8. List five responsibilities for the project role of quality assurance.


  • These are the things that a quality assurance person should be thinking about.

    • a. What are your responsibilities related to risk?
    • b. Who briefs risk issues at staff meetings?
    • c. Who is responsible for analysis and risk management metrics?
    • d. Who has received risk management training?
    • e. Who has the responsibility for your risk management plan?

9. Discuss how to ensure the compliance of quality assurance practices.


  • You can ensure compliance of quality assurance by using one of three government standards.

    • a. ISO 9001. This standard is for use when you must ensure conformance to specified requirements during design, development, production, installation, or servicing.

    • b. MIL-STD-498. This standard requires software quality assurance (SQA) as ongoing evaluations of activities and resulting products to ensure that each activity is being performed according to the plan. It requires that the persons responsible for ensuring compliance with the contract shall have the resources, responsibility, authority, and organizational freedom to permit objective SQA evaluations and to initiate and verify corrective actions.

    • c. SEI CMM. It verifies compliance with applicable procedures and standards and provides the software project and other appropriate managers with results.

10. Do you agree that the goal of competitive industry is to provide quality products and services at the most economical costs? Discuss why you do or do not agree.


  • I completely agree that the goal of industry is to provide the customer with a quality product. People in business are after providing the best product at the best price and creating that product with the cheapest means available with the best quality. Software is one of the most difficult things to create. There are a number of things that can go wrong with the process and will cause your timeline to slip. Every slip of time is extra cost that you haven’t budgeted for. By using quality assurance practices you can potentially avoid major flaws in the early stages and create the product intended in the time allotted.






